CN109639637B - Content detection method and device and electronic equipment - Google Patents

Content detection method and device and electronic equipment Download PDF

Info

Publication number
CN109639637B
CN109639637B CN201811310840.2A CN201811310840A CN109639637B CN 109639637 B CN109639637 B CN 109639637B CN 201811310840 A CN201811310840 A CN 201811310840A CN 109639637 B CN109639637 B CN 109639637B
Authority
CN
China
Prior art keywords
detection
network
network address
network object
crawling
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811310840.2A
Other languages
Chinese (zh)
Other versions
CN109639637A (en
Inventor
李海亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Advanced New Technologies Co Ltd
Advantageous New Technologies Co Ltd
Original Assignee
Advanced New Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Advanced New Technologies Co Ltd filed Critical Advanced New Technologies Co Ltd
Priority to CN201811310840.2A priority Critical patent/CN109639637B/en
Publication of CN109639637A publication Critical patent/CN109639637A/en
Application granted granted Critical
Publication of CN109639637B publication Critical patent/CN109639637B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/30Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Technology Law (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a content detection method, a content detection device and electronic equipment, wherein the method can acquire relevant information of a network object to be detected; determining a risk label of the network object based on the related information of the network object; and performing security detection on the content corresponding to the network object based on the detection strategy matched with the risk label, wherein the detection strategies corresponding to different risk labels are different.

Description

Content detection method and device and electronic equipment
Technical Field
The present application relates to the field of computer technologies, and in particular, to a content detection method and apparatus, and an electronic device.
Background
In the field of internet security, security detection of content corresponding to each network object (e.g., network address) is one of important research topics.
At present, a mode of crawling and detecting all contents corresponding to network addresses needing to be detected in a full amount is adopted, and it can be understood that if the number of the network addresses needing to be detected is small, the crawling and detecting in the full amount are easy to realize; however, if the number of network addresses to be detected is large, the computation resources, time cost and labor cost required for crawling and detecting the network addresses at one time are high, and the detection efficiency is low.
Disclosure of Invention
The embodiment of the application provides a content detection method, a content detection device and electronic equipment, so as to improve the efficiency of detecting content corresponding to a network object.
In order to solve the above technical problem, the embodiment of the present application is implemented as follows:
in a first aspect, a content detection method is provided, where the method includes:
acquiring related information of a network object to be detected;
determining a risk label of the network object based on the related information of the network object;
and performing security detection on the content corresponding to the network object based on the detection strategy matched with the risk label, wherein the detection strategies corresponding to different risk labels are different.
In a second aspect, a content detection apparatus is provided, the apparatus comprising:
the information acquisition module is used for acquiring related information of the network object to be detected;
a tag determination module for determining a risk tag of the network object based on the related information of the network object;
and the first detection module is used for carrying out security detection on the content corresponding to the network object based on the detection strategy matched with the risk label, wherein the detection strategies corresponding to different risk labels are different.
In a third aspect, an electronic device is provided, including:
a processor; and
a memory arranged to store computer executable instructions that, when executed, cause the processor to:
acquiring related information of a network object to be detected;
determining a risk label of the network object based on the related information of the network object;
and performing security detection on the content corresponding to the network object based on the detection strategy matched with the risk label, wherein the detection strategies corresponding to different risk labels are different.
In a fourth aspect, a computer-readable storage medium is presented, the computer-readable storage medium storing one or more programs that, when executed by an electronic device that includes a plurality of application programs, cause the electronic device to:
acquiring related information of a network object to be detected;
determining a risk label of the network object based on the related information of the network object;
and performing security detection on the content corresponding to the network object based on the detection strategy matched with the risk label, wherein the detection strategies corresponding to different risk labels are different.
As can be seen from the technical solutions provided in the embodiments of the present application, the solutions provided in the embodiments of the present application have at least one of the following technical effects: because the risk label of the network object is determined firstly, and then the content corresponding to the network object is subjected to security detection based on the detection strategy matched with the risk label of the network object, and the detection strategies corresponding to different risk labels are different, rather than detecting the content corresponding to all the network objects every time, the data volume of single detection is relatively reduced, so that the resource consumption can be reduced, the detection time can be shortened, and the efficiency of the content corresponding to the network object can be improved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
fig. 1 is a schematic flow chart of a content detection method provided in an embodiment of the present disclosure.
Fig. 2 is another schematic flow chart of a content detection method provided in an embodiment of the present disclosure.
Fig. 3 is another schematic flow chart of a content detection method provided in an embodiment of the present disclosure.
Fig. 4 is a detailed flowchart of a content detection method provided in an embodiment of the present disclosure.
Fig. 5 is a schematic structural diagram of an electronic device provided in an embodiment of the present specification.
Fig. 6 is a schematic structural diagram of a content detection apparatus provided in an embodiment of the present specification.
Fig. 7 is a schematic structural diagram of another content detection apparatus provided in an embodiment of the present specification.
Fig. 8 is another schematic flow chart of a content detection apparatus provided in an embodiment of the present specification.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the technical solutions of the present application will be described in detail and completely with reference to the following specific embodiments of the present application and the accompanying drawings. It should be apparent that the described embodiments are only some of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
In order to improve the efficiency of detecting the content corresponding to the network object, embodiments of the present specification provide a content detection method and apparatus, which may be applied to a detection system that needs to detect the content corresponding to the network object. For example, when the network object is a network address of a merchant of a certain e-commerce platform, the method and apparatus may be applied to a detection system for content corresponding to the network address of the merchant of the e-commerce platform.
A content detection method provided in an embodiment of the present disclosure is described in detail below with reference to fig. 1 to 4.
As shown in fig. 1, a content detection method provided in an embodiment of the present specification may include the following steps:
102, acquiring related information of the network object to be detected.
A network object refers to a network object that can provide network content, such as a network address, a user of a social application, an application in an application marketplace, and so on. If the network object is a network address, the correspondingly provided network content can be the content in a webpage corresponding to the network address; if the network object is a user of the social application, the correspondingly provided network content can be articles, videos and the like published in the social application by the user; if the network object is an application in the application market, the correspondingly provided network content may be an installation file of the application.
The information associated with the network object may include, but is not limited to, information describing characteristics of the network object itself and/or information describing characteristics of an owner (or subject) of the network object.
For example, if the network object is a network address of a merchant of the e-commerce platform, the related information of the network object may include information describing characteristics of the network address itself, such as access flow information of the network address, creation time information of the network address, history detection information of content corresponding to the network address, and the like, as well as information describing characteristics of the merchant, such as an industry type to which the merchant belongs, a transaction amount of the merchant, a reputation level of the merchant, evaluation information of the merchant by a user, a type of the merchant (e.g., whether the merchant belongs to a Business Development (BD), and the like, which describe an owner of the network object — the merchant.
If the network object is a user of the social application, the related information of the network object may include information describing characteristics of the network object, such as a geographic location of the user, a gender of the user, an industry to which historical content published in the social application by the user belongs, a type of the historical content published in the social application by the user, whether the user published illegal content, and the like.
If the network object is an application in the application market, the related information of the network object may include information describing the characteristics of the network object itself, such as the type of the application, the download amount of the application, the evaluation information of the application by the user, and the like, and information describing the characteristics of the owner of the network object, such as the download amount of other applications developed by the application developer, the types of other applications developed by the application developer, the evaluation information of other applications developed by the user, the reputation record of the application developer, and the like.
In an example, the step 102 may acquire the related information of the network object at a specified time or according to a certain period, and the acquisition of the related information of the network object may be longer because part of the information in the related information of the network object is less likely to change with the passage of time, and therefore, the information may be acquired at a longer period. In addition, it can be understood that the related information of the network object acquired in step 102 may be gradually accumulated and stored according to the acquisition time, and for some related information that is not easy to change, the related information may be acquired and used for a long time after being acquired once, which makes the amount of data acquired at one time in step 102 relatively small, and therefore, the efficiency of detecting the content corresponding to the network object is not affected.
And 104, determining the risk label of the network object based on the related information of the network object.
The risk label can be used for representing the risk degree of the corresponding existence of the network object. In this embodiment, the risk label of the network object may be formed by combining at least one risk indicator according to a preset logical relationship, or the risk label may include at least one risk indicator combined according to a preset logical relationship. The preset logical relationship includes, but is not limited to, logical relationships such as "and" or ".
As an example, when the network object is a network address of a merchant in a preset e-commerce platform, the risk indicator may be any one of the following indicators: whether the merchant corresponding to the network address is in a white list, the access heat of the network address, whether the network address is a newly added network address, the industry type of the merchant corresponding to the network address, the transaction amount of the merchant corresponding to the network address, whether the merchant corresponding to the network address is a BD merchant, whether the merchant corresponding to the network address has a correction record, and the like.
Continuing to take the network object as an example of presetting the network address of the merchant in the e-commerce platform, the risk label of the network object may be, for example, "the merchant corresponding to the network address is not a merchant in the white list because the access heat of the network address is greater than 1 ten thousand per day", or "the transaction amount of the merchant corresponding to the network address is not zero and the merchant corresponding to the network address is not a BD merchant", and so on.
And 106, performing security detection on the content corresponding to the network object based on the detection strategy matched with the risk label, wherein the detection strategies corresponding to different risk labels are different.
Optionally, before step 106, the content detection method provided in an embodiment of the present specification may further include: and pre-configuring detection strategies matched with the risk labels, wherein the detection strategies corresponding to different risk labels can be different.
The detection strategy may include a detection period, a detection depth, a detection range, a specific content detection rule, and the like. For example, when the network object is a network address, the detection depth may be a hierarchy depth of a web page corresponding to the network address, for example, for a website, after entering a home page, a plurality of pages of a next hierarchy may be entered after clicking an option button in the home page, and then further another page of a next hierarchy may be entered after clicking an option button in a page of the next hierarchy; the detection range may be the number of web pages that need to capture content, etc.
In the security field of the content corresponding to the network object, a large amount of risks are generally concentrated on a small number of network objects, for example, in an e-commerce platform, the risks of newly added network addresses and merchants are generally high, the risks of some merchants with long existence and large scale are low, the risks of information exposure with particularly high network address heat are high, and the like. Therefore, the network objects can be classified based on the risk labels, and different detection strategies can be configured for the risk labels representing different risk degrees, specifically, when the risk degree represented by one risk label is high, a relatively strict detection strategy can be configured, and conversely, when the risk degree represented by one risk label is high, a relatively loose detection strategy can be configured.
Taking the detection policy including the detection period as an example, if the network object is the network address of a merchant in a preset e-commerce platform, when the risk label of the network address is that "the access heat of the network address is higher than the preset value and the merchant corresponding to the network address is not a merchant in a white list", the detection policy matched with the risk label may be once a day; when the risk label of the network address is "the access amount of the network address is zero and the network address is a new address", the detection policy matched with the risk label may be once every three days.
It can be understood that, assuming that a certain e-commerce platform needs to perform security detection on the content corresponding to 100 ten thousand network addresses, if a related technology is adopted, the content corresponding to the 100 network addresses needs to be acquired for detection every day, which is very large in data size and time-consuming. However, if the content detection method provided in the embodiment of the present specification is applied, since the risks of the network objects are classified according to the risk labels, and then different detection strategies are adopted for the network objects with different risk labels, it is not necessary to acquire the contents corresponding to the 100 ten thousand network addresses every day, but the contents corresponding to the partial network addresses of the 100 ten thousand network addresses are acquired every day for detection based on the detection strategy matched with the risk labels of the network addresses, which reduces the data amount required to be detected every day, shortens the detection time, and improves the detection efficiency.
In a specific implementation, if the detection policy includes a detection period, step 106 may include: determining the historical time of the security detection of the content corresponding to the network object at the latest time; and performing security detection on the content corresponding to the network object based on the detection period and the historical time contained in the detection strategy.
Further, if the network object is a network address, the performing security detection on the content corresponding to the network object based on the detection period and the historical time included in the detection policy may include: determining the crawling time for crawling the content corresponding to the network object based on the detection period and the historical time contained in the detection strategy; after the crawling time is reached, crawling the content corresponding to the network object (if the crawling time is not reached, not crawling); and carrying out security detection on the contents corresponding to the crawled network objects. The crawling step can be realized by a crawler technology, and the crawled content can be texts, pictures or videos and the like.
Still further, the detection policy may further include a crawling depth (corresponding to the detection depth in the above), a crawling range (corresponding to the detection range in the above), and a content detection rule, and the crawling of the content corresponding to the network object after reaching the crawling time includes: after the crawling time is reached, crawling content corresponding to the network object based on the crawling depth and the crawling range; and based on the content detection rule, performing security detection on the contents corresponding to the crawled network objects. The content detection rule may also be configured in advance, and the content detection rule may be a detection rule in the related art, which is not limited in the embodiment of the present specification.
In summary, according to the content detection method provided in the embodiment of the present specification, since the risk tag of the network object is determined first, and then the content corresponding to the network object is subjected to security detection based on the detection policy matched with the risk tag of the network object, and the detection policies corresponding to different risk tags are different, rather than detecting the content corresponding to all network objects every time, the data amount of single detection is relatively reduced, so that resource consumption can be reduced, the detection time can be shortened, and the efficiency of the content corresponding to the network object can be improved.
Optionally, in another embodiment, a content detection method provided in an embodiment of the present specification may further include: and carrying out security detection on the content corresponding to the network object according to a fixed detection period. The fixed detection period is greater than the period for carrying out full detection on all network objects to be detected in the related technology.
For example, if the period of performing the total detection on all the network objects to be detected in the related art is 1 day, the fixed detection period may be 5 days or one week.
The embodiments of the present disclosure aim to provide a bottom-bound content security detection scheme, which performs full detection on network objects to be detected in a longer period to prevent missing detection of contents corresponding to some network objects.
Optionally, as shown in fig. 2, in another embodiment, before step 106, a content detection method provided in an embodiment of this specification may further include:
step 108, judging whether the detection time corresponding to the fixed detection period is reached; if yes, go to step 110; otherwise, the above step 106 is performed.
The fixed detection period is greater than the period for carrying out full detection on all network objects to be detected in the related technology.
And 110, carrying out security detection on the content corresponding to the network object according to the detection strategy corresponding to the fixed detection period.
The embodiments of the present disclosure are not only directed to providing a bottom-bound content security detection scheme to prevent missing detection of contents corresponding to some network objects, but also directed to preventing detection according to a fixed detection period and detection according to a detection policy matched with the network object from conflicting, and performing repeated detection on the contents of the network object, which results in resource waste.
Optionally, as shown in fig. 3, on the basis of any one of the above embodiments, the content detection method provided in the embodiment of this specification may further include:
and 112, if the content corresponding to the network object is detected to contain the information violating the preset safety rule, auditing the network object and/or the provider of the network object.
As an example, if the network object is a user of a social application, the information violating the preset security rules may be, for example, fraud information, gambling information, etc.
As an example, if the network object is a network address of a merchant of the e-commerce platform, the provider of the network object is the merchant.
And step 114, when the network object and/or the provider of the network object have security problems through auditing, taking preset measures to process the network object and/or the provider of the network object.
As an example, if the network object is a network address of a merchant of the e-commerce platform, the preset measure may be off-shelf or rectification, etc.
The content detection method provided in the embodiments of the present description may not only improve efficiency of detecting content corresponding to a network object, but also check the network object and/or a provider of the network object when it is detected that the content corresponding to the network object violates preset security rule information, and further take preset measures to process when there is a security problem in the check.
In order to more clearly understand the content detection method provided in the embodiment of the present specification, the content detection method provided in the embodiment of the present specification is described below with a more detailed flowchart shown in fig. 4, where in this embodiment, the network object is a network address of a merchant of an e-commerce platform.
As shown in fig. 4, the content detection method provided in the embodiment of the present specification may be applied to a content detection system 400, where the system 400 includes: an information management platform 41, a data analysis platform 42, a policy management platform 43, a timed task start platform 44, a crawler seed management platform 45, a content crawling system 46, a content detection system 47, an auditing system 48, and a processing system 49.
With continued reference to fig. 4, a content detection method provided in an embodiment of the present specification may include the following steps:
step 401, the data analysis platform 42 obtains the relevant information of the network object from the information management platform 41.
Step 402, the data analysis platform 42 analyzes and determines the label of the network object based on the related information of the network object.
Step 404, the data analysis platform 42 sends the risk label of the network object to the policy management platform 43.
Step 405, the policy management platform 43 configures different detection policies for different risk tags.
Step 406, the timing task starting platform 44 starts a timing detection task; for example, the timing detection task is initiated at a fixed time of day.
Step 407, the crawler seed management platform 45 acquires a detection policy matched with the risk label of the network address from the policy management platform 43, and determines whether to detect the content corresponding to the network address in the timing detection task based on the detection policy; if so, go to step 408; if not, waiting for the next time to start the timing detection task.
Step 408, the crawler seed management platform 45 generates crawler seeds for the network addresses that need content detection.
Step 409, the crawler seed management platform 45 sends the crawler seeds to the content crawling system 46.
In step 410, the content crawling system 46 crawls the content corresponding to the network address where the content detection is required by using the crawler seeds and sends the content to the content detection system 47.
In step 411, the content detection system 47 detects content corresponding to the network address where content detection is required based on the detection policy, and sends the network address containing information violating the preset security rules in the detected content to the auditing system 48.
In step 412, the network address received by the auditing system 48 and/or the merchant corresponding to the network address are audited, and when the network address and/or the merchant corresponding to the network address have a security problem after being audited and determined, the processing system 49 is notified to take preset measures to off-shelf the network address and/or the merchant corresponding to the network address.
The above description provides a content detection method, and the following description describes an electronic device provided in the present specification.
Fig. 5 is a schematic structural diagram of an electronic device provided in an embodiment of the present specification. Referring to fig. 5, at a hardware level, the electronic device includes a processor, and optionally further includes an internal bus, a network interface, and a memory. The Memory may include a Memory, such as a Random-Access Memory (RAM), and may further include a non-volatile Memory, such as at least 1 disk Memory. Of course, the electronic device may also include hardware required for other services.
The processor, the network interface, and the memory may be connected to each other via an internal bus, which may be an ISA (Industry Standard Architecture) bus, a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one double-headed arrow is shown in FIG. 5, but this does not indicate only one bus or one type of bus.
And the memory is used for storing programs. In particular, the program may include program code comprising computer operating instructions. The memory may include both memory and non-volatile storage and provides instructions and data to the processor.
The processor reads the corresponding computer program from the nonvolatile memory into the memory and then runs the computer program to form the content detection device on the logic level. The processor is used for executing the program stored in the memory and is specifically used for executing the following operations:
acquiring related information of a network object to be detected;
determining a risk label of the network object based on the related information of the network object;
and performing security detection on the content corresponding to the network object based on the detection strategy matched with the risk label, wherein the detection strategies corresponding to different risk labels are different.
The content detection method disclosed in the embodiment of fig. 1 in this specification can be applied to a processor, or can be implemented by a processor. The processor may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in a processor or instructions in the form of software. The Processor may be a general-purpose Processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; but also Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components. The various methods, steps and logic blocks disclosed in one or more embodiments of the present specification may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with one or more embodiments of the present disclosure may be embodied directly in hardware, in a software module executed by a hardware decoding processor, or in a combination of the hardware and software modules executed by a hardware decoding processor. The software module may be located in ram, flash memory, rom, prom, or eprom, registers, etc. storage media as is well known in the art. The storage medium is located in a memory, and a processor reads information in the memory and completes the steps of the method in combination with hardware of the processor.
The electronic device may further perform the content detection method of fig. 1, which is not described herein again.
Of course, besides the software implementation, the electronic device in this specification does not exclude other implementations, such as logic devices or a combination of software and hardware, and the like, that is, the execution subject of the following processing flow is not limited to each logic unit, and may also be hardware or logic devices.
Embodiments of the present specification also propose a computer-readable storage medium storing one or more programs, the one or more programs comprising instructions, which when executed by a portable electronic device comprising a plurality of application programs, are capable of causing the portable electronic device to perform the method of the embodiment shown in fig. 1, and in particular to perform the following:
acquiring related information of a network object to be detected;
determining a risk label of the network object based on the related information of the network object;
and performing security detection on the content corresponding to the network object based on the detection strategy matched with the risk label, wherein the detection strategies corresponding to different risk labels are different.
Fig. 6 is a schematic structural diagram of a content detection apparatus 600 provided in the present specification. Referring to fig. 6, in a software implementation, the content detection apparatus 600 may include: an information acquisition module 601, a tag determination module 602, and a first detection module 603.
The information obtaining module 601 is configured to obtain relevant information of a network object to be detected.
A network object refers to a network object that can provide network content, such as a network address, a user of a social application, an application in an application marketplace, and so on.
The information associated with the network object may include, but is not limited to, information describing characteristics of the network object itself and/or information describing characteristics of an owner (or subject) of the network object.
A tag determination module 602, configured to determine a risk tag of the network object based on the related information of the network object.
The risk label can be used for representing the risk degree of the corresponding existence of the network object. In this embodiment, the risk label of the network object may be formed by combining at least one risk indicator according to a preset logical relationship, or the risk label may include at least one risk indicator combined according to a preset logical relationship. The preset logical relationship includes, but is not limited to, logical relationships such as "and" or ".
A first detection module 603, configured to perform security detection on content corresponding to the network object based on a detection policy matched with the risk tag, where detection policies corresponding to different risk tags are different.
Optionally, the content detection method provided in the embodiment of the present specification may further include: and the configuration module is used for configuring the detection strategy matched with the risk label in advance.
Specifically, when the risk degree represented by one risk label is high, a relatively strict detection strategy can be configured, and conversely, when the risk degree represented by one risk label is high, a relatively loose detection strategy can be configured.
The detection strategy may include a detection period, a detection depth, a detection range, a specific content detection rule, and the like.
In a specific implementation, if the detection policy includes a detection period, the first detection module 603 may be configured to: determining the historical time of the security detection of the content corresponding to the network object at the latest time; and performing security detection on the content corresponding to the network object based on the detection period and the historical time contained in the detection strategy.
Further, if the network object is a network address, the first detecting module 603 may be configured to: determining the crawling time for crawling the content corresponding to the network object based on the detection period and the historical time contained in the detection strategy; after the crawling time is reached, crawling the content corresponding to the network object (if the crawling time is not reached, not crawling); and carrying out security detection on the contents corresponding to the crawled network objects. The crawling step can be realized by a crawler technology, and the crawled content can be texts, pictures or videos and the like.
Still further, the detection policy may further include a crawl depth (corresponding to the detection depth above), a crawl range (corresponding to the detection range above), and a content detection rule, and the first detection module 603 may be configured to: after the crawling time is reached, crawling content corresponding to the network object based on the crawling depth and the crawling range; and based on the content detection rule, performing security detection on the contents corresponding to the crawled network objects. The content detection rule may also be configured in advance, and the content detection rule may be a detection rule in the related art, which is not limited in the embodiment of the present specification.
In the content detection apparatus 600 provided in this specification, since the risk tag of the network object is determined first, and then the content corresponding to the network object is subjected to security detection based on the detection policy matched with the risk tag of the network object, and the detection policies corresponding to different risk tags are different, rather than detecting the content corresponding to all network objects every time, the data amount of single detection is relatively reduced, so that resource consumption can be reduced, the detection time can be shortened, and the efficiency of the content corresponding to the network object can be improved.
Optionally, in another embodiment, the content detection apparatus 600 provided in this specification may further include: and the second monitoring module is used for carrying out safety detection on the content corresponding to the network object according to a fixed detection period. The fixed detection period is greater than the period for carrying out full detection on all network objects to be detected in the related technology.
The embodiments of the present disclosure aim to provide a bottom-bound content security detection scheme, which performs full detection on network objects to be detected in a longer period to prevent missing detection of contents corresponding to some network objects.
Optionally, as shown in fig. 7, in another embodiment, the content detection apparatus 600 provided in this specification may further include: a decision block 604 and a second detection block 605.
A determining module 604, configured to determine whether a detection time corresponding to a fixed detection period has been reached; if so, the second detection module 605 is triggered; otherwise, the first detection module 603 is triggered.
The fixed detection period is greater than the period for carrying out full detection on all network objects to be detected in the related technology.
A second detecting module 605, configured to perform security detection on the content corresponding to the network object according to the detection policy corresponding to the fixed detection period.
The embodiments of the present disclosure are not only directed to providing a bottom-bound content security detection scheme to prevent missing detection of contents corresponding to some network objects, but also directed to preventing detection according to a fixed detection period and detection according to a detection policy matched with the network object from conflicting, and performing repeated detection on the contents of the network object, which results in resource waste.
Optionally, as shown in fig. 8, on the basis of any of the above embodiments, the content detection apparatus 600 provided in this embodiment may further include: an audit module 606 and a processing module 607.
An auditing module 606, configured to audit the network object and/or the provider of the network object if it is detected that the content corresponding to the network object includes information violating a preset security rule.
And the processing module 607 is configured to, when it is determined that the security problem exists in the network object and/or the provider of the network object through the audit, take a preset measure to process the network object and/or the provider of the network object.
The content detection apparatus 600 provided in the embodiment of the present specification can not only improve the efficiency of detecting the content corresponding to the network object, but also further perform an audit on the network object and/or a provider of the network object when it is detected that the content corresponding to the network object violates the preset security rule information, and further take a preset measure to process when there is a security problem in the audit.
It should be noted that the content detection apparatus 600 can implement the method of the embodiment of the method in fig. 1, and reference may be made to the content detection method of the embodiment shown in fig. 1 for relevant points, which is not described herein again.
In short, the above description is only a preferred embodiment of the present disclosure, and is not intended to limit the scope of the present disclosure. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of one or more embodiments of the present disclosure should be included in the scope of protection of one or more embodiments of the present disclosure.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.

Claims (12)

1. A method of content detection, the method comprising:
acquiring relevant information of a network object to be detected, wherein the network object is a network address of a commercial tenant in a preset e-commerce platform;
determining a risk label of the network object from at least two indexes of whether a merchant corresponding to the network address is in a white list, the access heat of the network address, whether the network address is a newly added network address, the industry type of the merchant corresponding to the network address, the transaction amount of the merchant corresponding to the network address, whether the merchant corresponding to the network address is a business expansion merchant and whether the merchant corresponding to the network address is a merchant;
based on with the detection strategy that risk label matches, right the content that the network object corresponds carries out safety inspection, and risk label is used for the height that the corresponding risk degree that exists of characterization network object, and the detection strategy corresponds has the action of crawling of actual execution, and the detection strategy that different risk labels correspond is different, and the crawling depth and the crawling scope of different detection strategies are different, the crawling depth is including the level degree of the webpage that the network address that needs to snatch corresponds, the crawling scope is including the quantity of the webpage that the network address that needs to crawl corresponds.
2. The method of claim 1, wherein the first and second light sources are selected from the group consisting of,
before the security detection is performed on the content corresponding to the network object based on the detection policy matched with the risk tag, the method further includes:
and pre-configuring a detection strategy matched with the risk label.
3. The method of claim 2, wherein the first and second light sources are selected from the group consisting of,
wherein the risk label comprises at least one risk indicator combined according to a preset logical relationship.
4. The method of claim 1, wherein the first and second light sources are selected from the group consisting of,
wherein, the detection policy includes a detection period, and the security detection of the content corresponding to the network object based on the detection policy matched with the risk tag includes:
determining the historical time of the security detection of the content corresponding to the network object at the latest time;
and performing security detection on the content corresponding to the network object based on the detection period and the historical time contained in the detection strategy.
5. The method of claim 4, wherein the first and second light sources are selected from the group consisting of,
wherein, the network object is a network address, and the performing security detection on the content corresponding to the network object based on the detection period and the historical time included in the detection policy includes:
determining the crawling time for crawling the content corresponding to the network object based on the detection period and the historical time contained in the detection strategy;
after the crawling time is reached, crawling the content corresponding to the network object;
and carrying out security detection on the contents corresponding to the crawled network objects.
6. The method of claim 5, wherein the first and second light sources are selected from the group consisting of,
wherein, the detection strategy also includes crawling depth, crawling range and content detection rule, when arriving after the crawling time, crawling the content corresponding to the network object, including:
after the crawling time is reached, crawling content corresponding to the network object based on the crawling depth and the crawling range;
and based on the content detection rule, performing security detection on the contents corresponding to the crawled network objects.
7. The method of any of claims 4-6, further comprising:
and carrying out safety detection on the content corresponding to the network object according to a fixed detection period, wherein the fixed detection period is longer than the period of carrying out full detection on all the network objects needing to be detected in the related technology.
8. The method according to any one of claims 4 to 6,
before the security detection is performed on the content corresponding to the network object based on the detection policy matched with the risk tag, the method further includes:
judging whether the detection time corresponding to a fixed detection period is reached, wherein the fixed detection period is greater than a preset period for carrying out full detection on all network objects to be detected;
if so, carrying out security detection on the content corresponding to the network object according to the detection strategy corresponding to the fixed detection period;
otherwise, executing the step of carrying out security detection on the content corresponding to the network object based on the detection strategy matched with the risk label.
9. The method of any of claims 1-6, further comprising:
if the content corresponding to the network object is detected to contain information violating preset safety rules, auditing the network object and/or a provider of the network object;
and when the network object and/or the provider of the network object have security problems through auditing, adopting preset measures to process the network object and/or the provider of the network object.
10. A content detection apparatus, the apparatus comprising:
the information acquisition module is used for acquiring relevant information of a network object to be detected, wherein the network object is a network address of a merchant in a preset e-commerce platform;
a tag determination module, configured to determine a risk tag of the network object based on related information of the network object from at least two indexes, that is, whether a merchant corresponding to the network address is in a white list, an access heat of the network address, whether the network address is a newly added network address, an industry type of the merchant corresponding to the network address, a transaction amount of the merchant corresponding to the network address, whether the merchant corresponding to the network address is a business expansion merchant, and whether the merchant corresponding to the network address is a merchant corresponding to the network address;
the first detection module is used for carrying out safety detection on the content corresponding to the network object based on the detection strategy matched with the risk tag, the risk tag is used for representing the level of the risk degree existing in correspondence of the network object, the detection strategies corresponding to different risk tags are different, the crawling depth and the crawling range of different detection strategies are different, the crawling depth comprises the level depth of the webpage corresponding to the network address needing to be grabbed, and the crawling range comprises the number of the webpage corresponding to the network address needing to be grabbed.
11. An electronic device, comprising:
a processor; and
a memory arranged to store computer executable instructions that, when executed, cause the processor to:
acquiring relevant information of a network object to be detected, wherein the network object is a network address of a commercial tenant in a preset e-commerce platform;
determining a risk label of the network object from at least two indexes of whether a merchant corresponding to the network address is in a white list, the access heat of the network address, whether the network address is a newly added network address, the industry type of the merchant corresponding to the network address, the transaction amount of the merchant corresponding to the network address, whether the merchant corresponding to the network address is a business expansion merchant and whether the merchant corresponding to the network address is a merchant;
based on with the detection strategy that risk label matches, right the content that the network object corresponds carries out safety inspection, and risk label is used for the height that the corresponding risk degree that exists of characterization network object, and the detection strategy corresponds has the action of crawling of actual execution, and the detection strategy that different risk labels correspond is different, and the crawling depth and the crawling scope of different detection strategies are different, the crawling depth is including the hierarchical degree of depth of the webpage that the network address that needs to crawl corresponds, the crawling scope is including the quantity of the webpage that the network address that needs to crawl corresponds.
12. A computer-readable storage medium storing one or more programs that, when executed by an electronic device including a plurality of application programs, cause the electronic device to:
acquiring relevant information of a network object to be detected, wherein the network object is a network address of a commercial tenant in a preset e-commerce platform;
determining a risk label of the network object from at least two indexes of whether a merchant corresponding to the network address is in a white list, the access heat of the network address, whether the network address is a newly added network address, the industry type of the merchant corresponding to the network address, the transaction amount of the merchant corresponding to the network address, whether the merchant corresponding to the network address is a business expansion merchant and whether the merchant corresponding to the network address is a merchant;
based on with the detection strategy that risk label matches, right the content that the network object corresponds carries out safety inspection, and risk label is used for the height that the corresponding risk degree that exists of characterization network object, and the detection strategy corresponds has the action of crawling of actual execution, and the detection strategy that different risk labels correspond is different, and the crawling depth and the crawling scope of different detection strategies are different, the crawling depth is including the level degree of the webpage that the network address that needs to snatch corresponds, the crawling scope is including the quantity of the webpage that the network address that needs to crawl corresponds.
CN201811310840.2A 2018-11-06 2018-11-06 Content detection method and device and electronic equipment Active CN109639637B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811310840.2A CN109639637B (en) 2018-11-06 2018-11-06 Content detection method and device and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811310840.2A CN109639637B (en) 2018-11-06 2018-11-06 Content detection method and device and electronic equipment

Publications (2)

Publication Number Publication Date
CN109639637A CN109639637A (en) 2019-04-16
CN109639637B true CN109639637B (en) 2022-04-19

Family

ID=66067382

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811310840.2A Active CN109639637B (en) 2018-11-06 2018-11-06 Content detection method and device and electronic equipment

Country Status (1)

Country Link
CN (1) CN109639637B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104079559A (en) * 2014-06-05 2014-10-01 腾讯科技(深圳)有限公司 Web address security detecting method and device and server
US9253139B1 (en) * 2011-07-19 2016-02-02 West Corporation Method and apparatus of processing social networking-based user input information
WO2016071718A3 (en) * 2014-11-07 2016-07-14 Fast Web Media Limited Influencing content or access to content
CN106161362A (en) * 2015-04-03 2016-11-23 阿里巴巴集团控股有限公司 A kind of network application means of defence and equipment
CN107092826A (en) * 2017-03-24 2017-08-25 北京国舜科技股份有限公司 Web page contents real-time safety monitoring method
CN107403251A (en) * 2016-05-20 2017-11-28 阿里巴巴集团控股有限公司 Risk checking method and device

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103647774A (en) * 2013-12-13 2014-03-19 扬州永信计算机有限公司 Web content information filtering method based on cloud computing
CN103685308B (en) * 2013-12-25 2017-04-26 北京奇虎科技有限公司 Detection method and system of phishing web pages, client and server

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9253139B1 (en) * 2011-07-19 2016-02-02 West Corporation Method and apparatus of processing social networking-based user input information
CN104079559A (en) * 2014-06-05 2014-10-01 腾讯科技(深圳)有限公司 Web address security detecting method and device and server
WO2016071718A3 (en) * 2014-11-07 2016-07-14 Fast Web Media Limited Influencing content or access to content
CN106161362A (en) * 2015-04-03 2016-11-23 阿里巴巴集团控股有限公司 A kind of network application means of defence and equipment
CN107403251A (en) * 2016-05-20 2017-11-28 阿里巴巴集团控股有限公司 Risk checking method and device
CN107092826A (en) * 2017-03-24 2017-08-25 北京国舜科技股份有限公司 Web page contents real-time safety monitoring method

Also Published As

Publication number Publication date
CN109639637A (en) 2019-04-16

Similar Documents

Publication Publication Date Title
CN109347787B (en) Identity information identification method and device
CN109447469B (en) Text detection method, device and equipment
CN111400765A (en) Private data access method and device and electronic equipment
TW201939379A (en) Information conversion rate prediction method and apparatus, and information recommendation method and apparatus
CN111833189A (en) Data processing method and device
CN108550046B (en) Resource and marketing recommendation method and device and electronic equipment
Xiao et al. An Android application risk evaluation framework based on minimum permission set identification
CN109615461B (en) Target user identification method, illegal merchant identification method and device
CN109271611B (en) Data verification method and device and electronic equipment
CN110751515A (en) Decision-making method and device based on user consumption behaviors, electronic equipment and storage medium
CN110334013B (en) Decision engine testing method and device and electronic equipment
WO2020082829A1 (en) User age prediction method, apparatus, and device
CN111582872A (en) Abnormal account detection model training method, abnormal account detection device and abnormal account detection equipment
CN115952162A (en) Data quality checking method, device and equipment
CN115827903A (en) Violation detection method and device for media information, electronic equipment and storage medium
CN110443291B (en) Model training method, device and equipment
CN111275071B (en) Prediction model training method, prediction device and electronic equipment
CN109639637B (en) Content detection method and device and electronic equipment
KR102192327B1 (en) Method for evaluating and predicting trust index using small data
CN111709748A (en) Transaction execution method and device with service attribute and electronic equipment
CN109063967B (en) Processing method and device for wind control scene feature tensor and electronic equipment
CN109615465B (en) Service order processing method and device and electronic equipment
CN110458393B (en) Method and device for determining risk identification scheme and electronic equipment
CN111523138B (en) Method, device and system for protecting private data and electronic equipment
CN111143203B (en) Machine learning method, privacy code determination method, device and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
TA01 Transfer of patent application right

Effective date of registration: 20200923

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman, British Islands

Applicant after: Innovative advanced technology Co.,Ltd.

Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman, British Islands

Applicant before: Advanced innovation technology Co.,Ltd.

Effective date of registration: 20200923

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman, British Islands

Applicant after: Advanced innovation technology Co.,Ltd.

Address before: A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands

Applicant before: Alibaba Group Holding Ltd.

GR01 Patent grant
GR01 Patent grant